CVE-2013-7225 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 UNKNOWN	NETWORK	LOW		AV:N/AC:L/Au:S/C:P/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 70%

Affected Products (NVD)

Vendor	Product	Version
fatfreecrm	fat_free_crm	𝑥 ≤ 0.12.0
fatfreecrm	fat_free_crm	0.9.6
fatfreecrm	fat_free_crm	0.9.7
fatfreecrm	fat_free_crm	0.9.8
fatfreecrm	fat_free_crm	0.9.9
fatfreecrm	fat_free_crm	0.9.10
fatfreecrm	fat_free_crm	0.10.1
fatfreecrm	fat_free_crm	0.11.0
fatfreecrm	fat_free_crm	0.11.1
fatfreecrm	fat_free_crm	0.11.2

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

References

http://openwall.com/lists/oss-security/2013/12/28/2

http://seclists.org/fulldisclosure/2013/Dec/199

http://www.phenoelit.org/stuff/ffcrm.txt

https://github.com/fatfreecrm/fat_free_crm/commit/078035f1ef73ed85285ac9d128c3c5f670cef066

https://github.com/fatfreecrm/fat_free_crm/commit/d4b2de81a4d8c1b201482edcb2488ed9280a65fd

https://github.com/fatfreecrm/fat_free_crm/issues/300

https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29

http://openwall.com/lists/oss-security/2013/12/28/2

http://seclists.org/fulldisclosure/2013/Dec/199

http://www.phenoelit.org/stuff/ffcrm.txt

https://github.com/fatfreecrm/fat_free_crm/commit/078035f1ef73ed85285ac9d128c3c5f670cef066

https://github.com/fatfreecrm/fat_free_crm/commit/d4b2de81a4d8c1b201482edcb2488ed9280a65fd

https://github.com/fatfreecrm/fat_free_crm/issues/300

https://github.com/fatfreecrm/fat_free_crm/wiki/Fixing-security-vulnerabilities-%2827th-Dec-2013%29